On Mon Jun 02, 2014 at 10:23:23 +0100, Steven Chamberlain wrote: > http://sources.debian.net/src/trafficserver/3.0.5-1/mgmt/tools/SysAPI.cc > > NOWARN_UNUSED_RETURN(system("/bin/mv -f /tmp/shadow /etc/shadow")); > > Won't that reset the shadow file's ownership to root:root? If default > umask is 027, the file won't be readable any more by the shadow group; > won't that break login if this code is ever used?
To be honest I couldn't see the /etc/shadow-touching code even being invoked. So while I think there are many issues here, including the loss of the `shadow` group membership it is probably the case that this doesn't matter. In more recent versions of trafficserver some of those functions have been removed, although there are still some /tmp-file abuses left in place. > (Or if umask is less strict for some reason, the file becomes > world-readable I suppose?) Yeah. > And there is plenty more /tmp abuse in that file - here it tries to > delete the file, but there is still a race before creating/writing to it: These are the more serious issues, because they're actually invoked/used, as you can determine via strace and grep. > Also there is plenty of code here not likely to work at all on a Debian > system. Agreed.. > [ Hoping this whole file isn't needed, and can simply go away :) ] In the older release some functions are defined but never used, those relating to /etc/shadow for example, but there remain bits that are called. Steve -- Let me steal your soul? http://stolen-souls.com
signature.asc
Description: Digital signature
